Last April 7th the Anonymous collective hit the Israeli networks with a huge as historic offensive, for the first time an independent group of hackers declared war to a Governments to protest against its policy. Many web sites of the country were hit by DDoS attacks, the data on the event reported by Israel government are totally different from the information published by Anonymous that produced a report for #OpIsrael in which total damage are estimated of $3-plus billion.

According security experts at TrendMicro the collective adopted various botnet coordinating large scale attacks, analyzing traffic directed to one of the targeted website, the researchers discovered that meanwhile usually more of 90% of the traffic is originated in Israel, during the attack almost the entire traffic was originated outside the country and internal connections have fallen to 9% as shown in the following chart:

What is surprising is that TrendMicro discovered that many IP addresses involved in the attacks were related to machine belonging to known botnets under the control of cyber criminals all over the world, how is Anonymous linked with cyber crime?

There are various hypothesis:

The hacktivists are renting criminal services in the underground, service already used for various criminal activities totally uncorrelated with anonymous. Is has no sense for Anonymous to own and manage a botnet for various reasons such as the necessity to elude investigation of law enforcement.

Criminal organizations joined in the attacks because instructed to hit specific targets or to acquire sensitive information.

Despite principal cyber criminal organizations operate in Eastern Europe and in Russia none of these countries seem to be involved in the attacks? How is it possible?

The attacks could have covered state sponsored operations, the Anonymous attack could be used as a diversionary tactic that has hijacked the attention far from the real targets of state sponsored hackers.

The investigation also revealed that IP addresses used in the attacks had been previously identified as victims of other attacks like exploit kits, fake antivirus applications and ransom-ware confirming the possibility involvement of cyber-crime.

TrendMicro post states:

“These attacks are not nearly as “harmless” as some would think.” "These findings highlight how major DDoS attacks are, at least in part, not just carried out by hacker groups like Anonymous but by cyber criminals as well. These attacks are not nearly as “harmless” as some would think."

Resuming …. Are we sure that the websites hit was really the targets of the attacks? Is it possible that third part actors were silently attacking other infrastructures?

In my opinion Anonymous has received a great and unexpected support from other entities …Does the collective really want this? I think no!